XP SP2 über patch already needs fixing

That wasn't long, now was it?

TheRegister wrote:

The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Users of IE 5.5 and 5.01 are also affected.

Boy am I glad I don't use Internet Explorer!

Old news but:

CERT recommends anything but IE

Still using Internet Explorer? Think again!

Um...some of us work in corporate environments where we really don't have a great deal of choice.  But I have been told extensive testing is underway to make sure that SP2 works with our existing apps. I'm not too worried. Anyway...

At least one thing coming out of the Seattle/Redmond area is appreciated by someone...

http://www.cnn.com/2004/US/West/08/18/bear.beer.reut/index.html

I wonder why internet explorer allows .exe to be in a image tag, why isn't it just like only allowing like .jpg, .jpeg, .bmp, .png, .gif, etc.

Is there something that can give .exe files image things so that it is functional or is this a mistake?

If u disabled "Allow paste options true scripts" then there is not much they can actually do, as far as I see. Then the risk is just as high as when u download a file to your dekstop, instead of dragging it to your desktop.

I hope the guy that made the Proof of Concept can make a bugfix to the dotted iframe thing, because I am unable to get that working. =)

imekon wrote:

That wasn't long, now was it?

TheRegister wrote: The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Users of IE 5.5 and 5.01 are also affected.

Boy am I glad I don't use Internet Explorer!

What, you thought that SP2 would be the end of all patches? Hardly. Programmers will make mistakes or, as is most likely with this one, the architects/PMs won't spot a consequence of their design. We're human, dammit.

At some point the SP2 team had to say 'right, we're going to ship this thing' and freeze it at that point.

Since IE's security model has been heavily reviewed over the last year and numerous changes made to reduce the effects of attacks, I'm happier using IE than any competitor. The lower number of attacks targetting FireFox tells you nothing about the long-term security potential of that browser. I'll just note that FireFox doesn't yet have an equivalent of zones - only the all-or-nothing enable/disable JavaScript option. Zones are on the roadmap. The main problem IE has had recently with zones is ensuring that URLs are interpreted in the correct zone.

I agree with Mike 100%.  How can you possibly not make a mistake when you make changes as far sweeping as the ones that have been made to XP.  Its easy to make mistakes in a small project working alone let alone in a team of developers working on an enourmously large project.  At some point you just have to give Microsoft a break and say they are making a concerted effort to improve security.  By the way, when Linux apps get patched rapidly it's called flexibilty?  I, Mekon that kind of double standard might be better reserved for slashdot.  How about giving a little credit where its due and saying that at least they're moving in the right direction

For someone who will never install SP2, i-me-kon is motivated beyond reason.

I’d say he is the type who gets a kick out of hacking into little old ladies computers, just to have a look around.

I mean for a guy that really dislikes Windows he posts to this forum a lot.

Most of the “new” members of channel9 passionately hate Microsoft and anyone who uses Microsoft technology. There have been too many links to commercial British Tech Tabloids lately, with all their spam-ads and pop-ups.    

Yea I find this to be really a shame.  This is such a good way to provide feedback to Microsoft.  If this turns into a second slashdot where all people do is scream about the evils of Microsoft, I think Microsoft will shut this forum down.  And that would hurt the people who come here to actually discuss Microsoft products and provide feedback in an intelligent manner, rather than as blind fanatics.  I hope these people start seeing this as a way to improve the products they constantly insult rather than just another forum to insult them.

 

What motivates an i-me-kon to log-on to channel9 just to spew spam?

Well I'm sure he feels anyone stupid and evil enough to use Microsoft deserves lots and lots of spam.  Oh wait but he said in a different thread that he still uses Microsoft on some of his machines.  Now I'm confused.

You have obviously been reading too much evil and stupid British spam lately.  

anyone else getting annoyed with eagles insistence everything bad comes out of the UK?

I don't think thats the point.  The point is lets get back to a little more of an on topic discussion rather than this constant bashing whether its of an operating system or of another user.  Again I really have been fed up with Slashdot and I dont want this to become like that.

The Register is a tabloid?!

n.
A newspaper of small format giving the news in condensed form, usually with illustrated, often sensational material

adj.
1. In summary form; condensed.
2. Lurid or sensational

(From http://dictionary.reference.com)

imekon wrote:

That wasn't long, now was it?

TheRegister wrote: The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Users of IE 5.5 and 5.01 are also affected.

There is no demo. Also it says the user can be tricked. For example tricking you to delete all the files in your home directory promising you will make lots of money. That's not a vulunerability. Not everyone on the web is credible. Also this is from register, it is the British version of tech tabloids.

To use IE as your main browser is like having sex with a crack * whom you know has aids without using protection.  I only use it for Windows Update and Channel 9 since the Channel 9 website doesnt properly work with the Netscape Windows Media Plugin.  I ussually use Netscape 7.2 or Mozilla Firefox.

rjdohnert wrote:

To use IE as your main browser is like having sex with a crack * whom you know has aids without using protection.  I only use it for Windows Update and Channel 9 since the Channel 9 website doesnt properly work with the Netscape Windows Media Plugin.  I ussually use Netscape 7.2 or Mozilla Firefox.

<sarcasm>Yes, I can see your point.  I'm going to run out and install some other browser</sarcasm>

Give me a break.